Skip to content

Brazilian Health Council Conasems Allegedly Breached Again, 766,000 Users' Sensitive Data Leaked

Breach Report Brazil flagBrazil Government / Health Second Breach

Brazilian Health Council Conasems Allegedly Breached Again, 766,000 Users' Sensitive Data Leaked

A threat actor using the alias 888 claims to have leaked a database from Conasems, the National Council of Municipal Health Secretariats of Brazil (Conselho Nacional de Secretarias Municipais de Saúde). The actor describes it as a second, newer breach affecting 766,000 unique users, following an earlier incident they attribute to themselves in November 2025. According to the post, the data spans a wide range of fields, including full names, CPF national ID numbers, account passwords, emails, phone numbers, dates of birth, and locations, as well as highly sensitive categories such as sexual orientation, gender identity, disability status, and racial or ethnic information. The claim is unverified.

Users766,000
TypeHealth / PII
CountryBrazil flagBrazil
Actor888

Post details

TargetConasems
CountryBrazil flagBrazil
SectorGovernment / Health
Claim766,000 unique users
DataCPF, passwords, contact, sensitive categories
NoteSecond breach (after Nov 2025)
Observed
Actor888

!Allegedly included

  • 766,000 unique users
  • Full names & CPF national IDs
  • Account passwords
  • Emails & phone numbers
  • Dates of birth
  • Sexual orientation & gender identity
  • Disability status
  • Race & ethnicity data

Screenshots

Potential impact

Pairing CPF national ID numbers, account passwords, and contact details with special-category information (sexual orientation, gender identity, disability, and race) makes this an unusually sensitive exposure. Beyond the usual risks of identity theft, account compromise, and fraud, the disclosure of intimate attributes creates real potential for discrimination, outing, and targeted harassment of those affected. CPF numbers are core Brazilian identifiers and cannot be reset, and any exposed passwords would put linked accounts at immediate risk. As a repeat incident, it also points to security weaknesses that may not have been resolved. The claim is unverified.

iStatus

Unverified

This is a data-leak post presented as a second breach of the organization, with the download gated behind forum points and several aliases credited alongside the poster (including IntelBroker, EnergyWeaponUser, and wonder). The claim is unverified and Conasems has not publicly addressed it.

Want everything on this breach, including the unblurred screenshots? Paid subscribers get the full claim details, breach URL, and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest